Typical users are known to use and reuse weak passwords. Yet, as cybersecurity concerns continue to rise, understanding the password practices of software developers becomes increasingly important. In this work, we examine developers' passwords on public repositories. Our dedicated crawler collected millions of passwords from public GitHub repositories; however, our focus is on their unique characteristics. To this end, this is the first study investigating the developer traits in password selection across different programming languages and contexts, e.g. email and database. Despite the fact that developers may have carelessly leaked their code on public repositories, our findings indicate that they tend to use significantly more secure passwords, regardless of the underlying programming language and context. Nevertheless, when the context allows, they often resort to similar password selection criteria as typical users. The public availability of such information in a cleartext format indicates that there is still much room for improvement and that further targeted awareness campaigns are necessary.

翻译：典型用户已知会使用和重复使用弱密码。然而，随着网络安全问题的日益严重，理解软件开发者的密码实践变得愈发重要。本研究考察了开发者在公共仓库中的密码使用情况。我们的专用爬虫从公开的 GitHub 仓库中收集了数百万个密码，但我们的重点在于其独特特征。为此，这是首次调查开发者在不同编程语言和上下文（如电子邮件和数据库）中密码选择特征的研究。尽管开发者可能无意中在公共仓库中泄露了代码，但我们的发现表明，无论底层编程语言和上下文如何，他们倾向于使用明显更安全的密码。不过，当上下文允许时，他们往往又会采用与典型用户相似的密码选择标准。此类信息以明文形式公开可用，表明仍有很大的改进空间，且需要进一步的针对性意识宣传活动。